opening the box: fundraising & regulatory compliance · personal data must be processed fairly...
TRANSCRIPT
![Page 1: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/1.jpg)
Opening the box: Fundraising & Regulatory Compliance
Ian Inman - Group Manager, Strategic Liaison
Natasha Longson – Team manager, Enforcement
![Page 2: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/2.jpg)
What are we covering?
• Key legal concepts
• Re-use of publicly available data
• Wealth Screening
• Data matching/Teleappending
![Page 3: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/3.jpg)
Key legal concepts
Principle 1 DPA:
Personal data must be processed fairly and lawfully and on
the basis of a schedule 2 and (where necessary) schedule 3
condition.
Fairness – 2 parts
• Transparency – Telling individuals who you are and what
you are doing with their personal data.
• Fairness – Not processing personal data in ways individuals
would not reasonably expect.
![Page 4: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/4.jpg)
Key legal concepts
Principle 1 DPA:
Personal data must be processed fairly and lawfully and on the
basis of a schedule 2 and (where necessary) schedule 3
condition.
Only two relevant to the activities we are looking at today:
• Consent
• Legitimate interests
![Page 5: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/5.jpg)
Key legal concepts
Section 27(5)
‘Except as provided by this part, the subject information
provisions shall have effect notwithstanding any enactment or
rule of law prohibiting or restricting the disclosure, or
authorising the withholding, of information.’
In simple terms – unless you can satisfy an exemption
from within the Data Protection Act 1998, the duty to
provide fair processing information to individuals will
apply!
![Page 6: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/6.jpg)
Re-use of publicly available data
Publicly available covers a range of data: • Electoral roll • Public registers (Companies
House) • Press reports • Social media Key point: It is not fair game! Remember s.27(5) – You must still provide fair processing information unless an exemption applies!
![Page 7: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/7.jpg)
Wealth Screening
![Page 8: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/8.jpg)
Wealth Screening
What is it? Wealth Screening covers a variety of activities: • Database segmentation by post code
• Detailed research and data collation on
job, income, area of residence, family jobs etc.
Aimed at determining likely level of donation or likelihood of legacy donation.
![Page 9: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/9.jpg)
Wealth Screening
Data Protection Implications • It involves the processing of individuals’ personal data – sometimes
including data that they have not provided to you.
• It is privacy intrusive – Some acts are less intrusive than others
• You will need a schedule condition – If relying on legitimate interests, remember to consider the prejudice to the rights and freedoms of the individual, particularly their privacy rights!
• Fairness – Individuals would not reasonably expect this activity to take place. You must inform them clearly, prominently and in a way they will understand what this involves in terms of the use of their data.
![Page 10: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/10.jpg)
Data matching/teleappending
![Page 11: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/11.jpg)
Data matching/teleappending
What is it? Data matching/teleappending covers activities such as: • Obtaining telephone numbers or email
addresses, or • Obtaining up to date address details
where it becomes apparent an individual has moved.
![Page 12: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/12.jpg)
Data Matching/ Tele-appending
Data Protection Implications • This will typically involve processing personal data an individual
never provided to you.
• Fairness – Remember reasonable expectations! Would an individual reasonably expect you to call them on a number they never gave you?
• Accuracy – You do not need to do this to comply with your accuracy obligations under the DPA.
![Page 13: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/13.jpg)
Summary
• Remember s.27(5) – You must provide fair processing information
unless you have an exemption from the duty to do so. (Regardless
of where you obtained the data from)
• Fairness – Tell people, clearly and prominently what you are doing
with their data. Think! Would individuals reasonably expect you to
do what you are doing? If not, the more important it is that you
tell them and that you do so clearly, prominently and in a way
they can understand.
• Legitimate basis – are you relying on consent or legitimate
interests? Consent must meet all the requirements set out in the
law. It is not sufficient to simply have a legitimate interest, you
must balance this against the prejudice to the rights and freedoms
of individuals.
![Page 14: Opening the box: Fundraising & Regulatory Compliance · Personal data must be processed fairly and lawfully and on the basis of a schedule 2 and (where necessary) schedule 3 condition](https://reader035.vdocuments.net/reader035/viewer/2022071109/5fe496343adf341d2871f4d0/html5/thumbnails/14.jpg)
@iconews
Keep in touch
Subscribe to our e-newsletter at www.ico.org.uk or find us on…
/iconews